“Guardians of Tomorrow: A Decade of Security Revelations for 2018 and Beyond”

By the A10 Networks Security Engineering Research Team (SERT)

The 1970s witnessed the extraordinary Kreskin captivating audiences with his exceptional ability to foresee future events. Through suggestion, he would make predictions. Although Kreskin refrained from labeling himself as a psychic – preferring to be viewed as an entertainer – his forecasts often came to fruition.

Today, we will undertake our best imitation of Kreskin and aim to predict the future of cybersecurity for 2018. Utilizing our knowledge and understanding of the industry as a reference, we have assembled ten forecasts regarding cybersecurity for the upcoming year. Without further ado, here are A10’s top ten security predictions for 2018.

1. Digital security will become a fundamental human rights issue.

Currently, society is heavily reliant on digital communication. Mobile devices, laptops, and cloud services have enabled immediate and widespread access to information. Cyber threats are proliferating, affecting both businesses and service providers, while consumers often find themselves least equipped to deal with security challenges. Phishing, fraud, identity theft, and ransomware present significant risks to consumers’ peace of mind.

Our dependence on secure communications mirrors our need for clean air, water, and food. Digital security should be considered a vital human right. Without such protection, individuals are exposed to substantial risks, facing financial hardships and challenges due to widespread security threats. Society needs to evolve its perspective and recognize cybersecurity as an inherent human right before such challenges become epidemic, ultimately providing peace of mind to both businesses and consumers.

2. A catastrophic attack will cripple a major mobile network operator by targeting its core systems.

Mobile network operators currently focus on protecting their networks against external threats by using Gi firewalls and DDoS mitigation tools. However, this is changing, as attacks may also emerge from within the network itself.

Mobile network operators are generally unprepared for these internal threats, with the core of 3G and 4G networks often lacking adequate protection. In the coming year, an astute attacker will pinpoint a vulnerable element and could incapacitate the entire network by compromising its management systems.

3. Encryption will gain primal significance in east-west traffic.

As east-west traffic grows rapidly and more organizations move workloads to the cloud, sensitive data is increasingly at risk. This scenario can lead to data breaches and theft. Securing east-west traffic with encryption will become essential for safety and regulatory compliance, emerging as a focal point in 2018 as encryption usage escalates and online trust diminishes.

4. Municipal and state agencies will face an unprecedented number of cyberattacks.

In recent years, city and state organizations have experienced a surge in cyberattacks. This trend will reach its zenith in 2018. As municipal and state governments continue transitioning to online services and adopting modern architectures like the cloud, budget constraints will determine their security measures. Many will depend on insufficiently funded security strategies, increasing their vulnerability. Such attacks may expose citizens to heightened risks of fraud, theft, or compromise of personal information.

5. Serverless security and analytics capabilities will gain traction for tasks such as virus scanning.

One area where serverless computing, like AWS Lambda, excels is in event-driven data manipulation, crucial for security and visibility scenarios.

In the coming year, anticipate seeing serverless applications facilitating pay-as-you-go models centered around cybersecurity and malware protection. Moreover, this will foster scalable, on-demand analysis of infrastructure telemetry.

Analysis of triggered logs, flow data, and packet captures through serverless frameworks will become commonplace, enabling small to medium-sized businesses to enjoy the same scalability advantages and flexibility as larger enterprises due to the pay-as-you-go model.

6. Cloud service providers will become targets for disruptive attacks.

As more organizations transition to cloud services, attackers will focus on cloud service providers, either directly or indirectly. Incidents like Dyn and Mirai in 2016 highlight this emerging pattern, which will peak in 2018. Companies will often find themselves limited in their ability to respond to attacks targeting their cloud providers due to their lack of control over the underlying infrastructure.

This situation will encourage more organizations to consider adopting a multi-cloud strategy to distribute their workloads across various cloud vendors.

7. Adaptive and deceptive security solutions will rise to become a leading technology.

To outsmart malicious entities, innovative technologies will emerge that empower security analysts to foresee potential threats. Predictive analytics will evolve from being an optional tool to a mandatory necessity, compelling companies to invest in these technologies to stay ahead of cyber threats and safeguard their systems.

8. AI will play a pivotal role in the advancement of new security technologies.

While we are not referring to fully realized AI, the proliferation of accessible machine learning tools and chatbots integrated into nearly every new product will foster a more effective synergy between human and artificial intelligence. In the upcoming year, this will enable security teams to assess and prioritize vulnerabilities based on multiple factors beyond a single label, offering enhanced protection.

9. Vulnerable SCADA systems and IoT will lead to physical damage in 2018.

Weaknesses in Internet of Things (IoT) devices and supervisory control and data acquisition (SCADA) systems may result in physical, not just digital, harm in the coming year. Ideally, damages will limit casualties to control elements. Unlike targets faced by Stuxnet and Flame, IoT and SCADA devices frequently utilize common open-source frameworks that are easily identifiable and difficult to patch post-installation, making them attractive targets.

10. We will witness the emergence of blockchain security solutions.

In 2018, blockchain will develop beyond a buzzword. Numerous organizations will adopt blockchain technologies. Browsers will implement native and experimental support to facilitate online identities, minimizing the prevalence of anonymous transactions. By their nature, blockchain technologies provide more security than their predecessors, fostering an online environment with enhanced security and decreased anonymity compared to previous frameworks.